向 WSDL 添加 SOAP 隐式标头 [英] Adding SOAP implicit headers to WSDL
问题描述
我的问题与此类似.如何在 WSDL 未定义时传递 Soap 标头?但不一样.
My question is similar to this. How To Pass Soap Header When WSDL Doesn't Define It? But is different.
对于我使用的 Web 服务,所有方法都需要在 SOAP 标头内以明文形式发送的身份验证.但是,我的 WSDL 不包含任何soap 标头信息.我有一个自定义平台工具,我必须使用它来从 WSDL 生成代码.由于标题信息不可用,我无法直接使用生成的类 - 我不想手动修改代码以容纳标题.
For a web service I use, all methods need authentication which is sent in cleartext inside a SOAP header. However, my WSDL doesn't include any soap header information. I have a custom platform tool which I must use to generate code from the WSDL. Since the header info is not available, am unable to use the generated class directly - I do not want to manually modify the code to accommodate the header.
我尝试在 WSDL 中指定 SOAP 标头,但未能获得正确的命名空间.WSDL 在这里 https://stage.totalcheck.sensis.com.au/service/webservice?wsdl 和 SOAP 标头如下:
I tried specifying the SOAP header in the WSDL but I failed to get the correct namespaces. The WSDL is here https://stage.totalcheck.sensis.com.au/service/webservice?wsdl and the SOAP header is as follows:
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
有人可以帮我吗?谢谢!
Can someone help me? Thanks!
推荐答案
从概念的角度来看,WSDL 不应该定义标题.WSDL 仅用于定义服务的功能方面,如操作、消息、绑定和端点.消息和绑定定义了消息的有效负载应该如何编码和格式化.
From a conceptual point of view, WSDL is not supposed to define headers. WSDL is only for defining the functional aspects of a service, like operations, messages, binding and endpoints. Messages and bindings define how the payload of messages should be encoded and formatted.
但是,SOAP 消息的标头不属于有效负载.它们通常用于配置 SOAP 处理器的非功能性属性.安全性是一种非功能性的属性.有效载荷的功能方面不受影响.只保证通信是安全的,并且 WS 工具堆栈而不是服务实现应该负责这一点.
The headers of SOAP messages however do not belong to the payload. They are typically used for configuring non-functional properties of a SOAP processor. Security is such a non-functional property. The functional aspect of the payload is not affected. It is only assured that the communication is secured and the WS tool stack, not the service implementation, should take care of that.
所以现在缺少的部分是允许将一些非功能性需求附加到 WSDL 服务的标准,以便代码生成器可以自动推导出哪些标头需要发送和/或理解以实现非功能性属性根据需要 - 无需手动处理标题字段.该标准存在并称为WS-Policy.策略通常包含一组备选方案,这些备选方案公开了提供者和消费者都应该能够满足的一组要求.当两个服务应该相互交互时,两个策略都会被采用并计算所谓的有效策略".它定义了常见的非功能性需求.使用此信息,提供者和消费者可以自行配置以添加所需的标头,例如 WS-Security 标头.WS-SecurityPolicy 还定义了一组可以使用的策略.WS-PolicyAttachment 定义了如何将此类策略附加到 WSDL.
So the missing piece is now a standard that allows for attaching some non-functional requirements to WSDL services, so that code generators can automatically derive which headers need to be sent and/or understand in order to fulfill the non-functional property as desired -- without having to manually deal with header fields. This standard exists and is called WS-Policy. A policy contains typically a set of alternatives that expose a set of requirements that both, provider and consumer should be able to fulfill. When two services are supposed to interact with each other, both policies are taken and a so called "effective policy" is calculated. It defines the common non-functional requirements. Using this information, provider and consumer can configure themselves to add required headers, like the WS-Security headers. WS-SecurityPolicy also defines a set of policies that can be used. WS-PolicyAttachment defines how such policies can be attached to a WSDL.
有些代码生成器可以处理 WS-Policies,例如Metro 或 Axis2
There are code generators that can deal with WS-Policies, e.g. Metro or Axis2
这篇关于向 WSDL 添加 SOAP 隐式标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
